Focus - Health Tips » What is HIPAA?
What is HIPAA?
By Dr. Moghissi - March 2003
On April 14th 2003, the first set of HIPAA regulations took effect. Most people barely noticed, but in the medical field this was a really big deal. HIPAA stands for Health Insurance Portability and Accountability Act, and was originally drafted to standardize billing in the medical industry. Somewhere along the way, privacy regulations were added in, and that is where the biggest impact was.
We are required to post the rules in a conspicuous space. You are offered a copy of the rules to take home with you, and will be asked to sign that you have received them. You may refuse to sign, but we have to document that we offered you a copy of the rules and you refused to sign. You have the right to ask for and receive a copy of your medical records, unless we have a compelling reason not to allow you to see them. You have a right to amend your record. You will need to sign a special form to have your records released to anyone but another medical entity (generally a doctor). This will usually come up when you try to get life insurance and they want a copy of your medical records.
If you think your privacy has been breached, there is a form for filling out a grievance. Marketers cannot use your private health information (PHI) without your specific consent. Each medical practice has a privacy officer who is supposed to be up on the rules, and take in, file, and act on all these forms (although not necessarily in that order). If you want any private information, including lab test results, mailed to your home, you will need to complete another consent form. That is also one of the reasons I have required my patients to complete an email consent form prior to allowing email communication.
Those who have been to my office recently know I have all my patient records on the computer, and am using an electronic medical records (EMR) system. This is recommended under HIPAA, as it is harder for casual observers to see PHI when it is all on computer. (There will be no charts and random pieces of paper with people's private health information lying around.) Any business associate who has access to PHI will need to sign an agreement with me certifying that they will not release any information they receive to anyone else. My primary agreements are with the computer vendors who maintain the system, and my billing company. Other offices need to make agreements with transcription services, billing services, document destruction services, etc.
There are many more nuances that go along with HIPAA (the regulations are reportedly 500 pages long, but I can't confirm that), but this should give you an idea what we are up against. In addition, there are hefty fines and even jail terms for non-compliance. Pretty scary. Please be patient with your health care providers as we all try to comply with HIPAA
Copyright 2017 Jasmine Moghissi, MD,PC.